## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
##
#global:
#  imagePullSecrets:
#    - name: kubeapps-registry-fit2cloud-com-key
#   storageClass: myStorageClass

# true for Helm 3; false for Helm 2:
useHelm3: false # DOES NOT WORK YET; will act as a feature flag later on when we have Helm 3 support.

## The frontend service is the main reverse proxy used to access the Kubeapps UI
## To expose Kubeapps externally either configure the ingress object below or
## set frontend.service.type=LoadBalancer in the frontend configuration.
## ref: http://kubernetes.io/docs/user-guide/ingress/
##
ingress:
  ## Set to true to enable ingress record generation
  ##
  enabled: true

  ## Set this to true in order to add the corresponding annotations for cert-manager
  ##
  certManager: false

  ## When the ingress is enabled, a host pointing to this will be created
  ##
  hostname: kubeapps-plus.{{APP_DOMAIN}}

  ## Enable TLS configuration for the hostname defined at ingress.hostname parameter
  ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it
  ##
  tls: false

  ## Ingress annotations done as key:value pairs
  ## For a full list of possible ingress annotations,
  ## please see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
  ##
  ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set
  ##
  annotations:
    # kubernetes.io/ingress.class: nginx
    ## Keep the connection open with the API server even if idle (the default is 60 seconds)
    ## Setting it to 10 minutes which should be enough for our current use case of deploying/upgrading/deleting apps
    ##
    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"

  ## The list of additional hostnames to be covered with this ingress record.
  ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
  ## extraHosts:
  ## - name: kubeapps.local
  ##   path: /

  ## The tls configuration for additional hostnames to be covered with this ingress record.
  ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## extraTls:
  ## - hosts:
  ##     - kubeapps.local
  ##   secretName: kubeapps.local-tls

  ## If you're providing your own certificates, please use this to add the certificates as secrets
  ## key and certificate should start with -----BEGIN CERTIFICATE----- or
  ## -----BEGIN RSA PRIVATE KEY-----
  ##
  ## name should line up with a tlsSecret set further up
  ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
  ##
  ## It is also possible to create and manage the certificates outside of this helm chart
  ## Please see README.md for more information
  ##
  secrets: []
  ## - name: kubeapps.local-tls
  ##   key:
  ##   certificate:

  ## DEPRECATED: to be removed on 3.0.0
  ## The list of hostnames to be covered with this ingress record.
  ## Most likely this will be just one host, but in the event more hosts are needed, this is an array
  ##
  #hosts:
  #  - name: kubeapps-plus.{{APP_DOMAIN}}
  #    path: /
  #    ## Set this to true in order to enable TLS on the ingress record
  #    ##
  #    tls: false
  #    ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
  #    ##
  #    tlsSecret: kubeapps.local-tls

## Frontend paramters
##
frontend:
  replicaCount: 2
  ## Bitnami Nginx image
  ## ref: https://hub.docker.com/r/bitnami/nginx/tags/
  ##
  image:
    registry: {{registry_prefix}}:{{registry_port}}
    repository: {{ kubeapps_nginx_image }}
    tag: {{ kubeapps_nginx_version }}
  ## Frontend service parameters
  ##
  service:
    ## Service type
    ##
    type: NodePort
    ## HTTP Port
    ##
    port: 80
    ## Set a static load balancer IP (only when frontend.service.type="LoadBalancer")
    ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
    ##
    # loadBalancerIP:
    ## Provide any additional annotations which may be required. This can be used to
    ## set the LoadBalancer service type to internal only.
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
    ##
    annotations: {}
  ## NGINX containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ##
  livenessProbe:
    httpGet:
      path: /healthz
      port: 8080
    initialDelaySeconds: 60
    timeoutSeconds: 5
  readinessProbe:
    httpGet:
      path: /
      port: 8080
    initialDelaySeconds: 0
    timeoutSeconds: 5
  ## NGINX containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    ## Default values set based on usage data from running Kubeapps instances
    ## ref: https://github.com/kubeapps/kubeapps/issues/478#issuecomment-422979262
    ##
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: {}
  ## Use access_token as the Bearer when talking to the k8s api server
  ## Some K8s distributions such as GKE requires it
  ##
  proxypassAccessTokenAsBearer: false

## AppRepository Controller is the controller used to manage the repositories to
## sync. Set apprepository.initialRepos to configure the initial set of
## repositories to use when first installing Kubeapps.
##
apprepository:
  ## Running a single controller replica to avoid sync job duplication
  ##
  replicaCount: 1
  ## Schedule for syncing apprepositories. Every ten minutes by default
  # crontab: "*/10 * * * *"
  ## Bitnami Kubeapps AppRepository Controller image
  ## ref: https://hub.docker.com/r/bitnami/kubeapps-apprepository-controller/tags/
  ##
  image:
    registry: {{registry_prefix}}:{{registry_port}}
    repository: {{ kubeapps_apprepository_controller_image }}
    tag: {{ kubeapps_apprepository_controller_version }}
  ## Bitnami Kubeapps Charts Repo image
  ## Image used to perform chart repository syncs
  ## ref: https://hub.docker.com/r/bitnami/kubeapps-chart-repo/tags/
  ##
  syncImage:
    registry: {{registry_prefix}}:{{registry_port}}
    repository: {{ kubeapps_chart_repo_image }}
    tag: {{ kubeapps_chart_repo_version }}
  ## Initial charts repo proxies to configure
  ##
  initialReposProxy:
    enabled: false
    # http_proxy: "http://yourproxy:3128"
    # https_proxy: "http://yourproxy:3128"
    # no_proxy: "0.0.0.0/0"
  ## Initial chart repositories to configure
  ##
  initialRepos:
    # - name: stable
    #   url: https://kubernetes-charts.storage.googleapis.com
    # - name: incubator
    #   url: https://kubernetes-charts-incubator.storage.googleapis.com
    # - name: svc-cat
    #   url: https://svc-catalog-charts.storage.googleapis.com
    # - name: bitnami
    #   url: https://charts.bitnami.com/bitnami
    # Additional repositories
    - name: chartmuseum
      url: http://chartmuseum:8080
  #   nodeSelector:
  #     somelabel: somevalue
  #   # Specify an Authorization Header if you are using an authentication method.
  #   authorizationHeader: "Bearer xrxNC..."
  #   # If you're providing your own certificates, please use this to add the certificates as secrets.
  #   # It should start with -----BEGIN CERTIFICATE----- or
  #   # -----BEGIN RSA PRIVATE KEY-----
  #   caCert:
  # https://github.com/kubeapps/kubeapps/issues/478#issuecomment-422979262
  ## AppRepository Controller containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    ## Default values set based on usage data from running Kubeapps instances
    ## ref: https://github.com/kubeapps/kubeapps/issues/478#issuecomment-422979262
    ##
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Affinity for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for pod assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: {}

## Hooks are used to perform actions like populating apprepositories
## or creating required resources during installation or upgrade
##
hooks:
  ## Bitnami Kubectl image
  ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/
  ##
  image:
    registry: {{registry_prefix}}:{{registry_port}}
    repository: {{ kubeapps_kubectl_image }}
    tag: {{ kubeapps_kubectl_version }}
  ## Affinity for hooks' pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for hooks' pods assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for hooks' pods assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: {}

## Tiller Proxy is a secure REST API on top of Helm's Tiller component used to
## manage Helm chart releases in the cluster from Kubeapps. Set tillerProxy.host
## to configure a different Tiller host to use.
##
tillerProxy:
  replicaCount: 2

  ## Bitnami Kubeapps Tiller Proxy image
  ## ref: https://hub.docker.com/r/bitnami/kubeapps-tiller-proxy/tags/
  ##
  image:
    registry: {{registry_prefix}}:{{registry_port}}
    repository: {{ kubeapps_tiller_proxy_image }}
    tag: {{ kubeapps_tiller_proxy_version }}

  ## Tiller Proxy service parameters
  ##
  service:
    ## HTTP Port
    ##
    port: 8080
  host: tiller-deploy.kube-system:44134

  ## TLS parameters
  ##
  tls: {}
  #  ca:
  #  cert:
  #  key:
  #  verify: false

  ## It's possible to modify the default timeout for install/upgrade/rollback/delete apps
  ## (Default: 300s)
  # timeout: 300

  ## Tiller Proxy containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    ## Default values set based on usage data from running Kubeapps instances
    ## ref: https://github.com/kubeapps/kubeapps/issues/478#issuecomment-422979262
    ##
    limits:
      cpu: 250m
      memory: 256Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Tiller Proxy containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ##
  livenessProbe:
    httpGet:
      path: /live
      port: 8080
    initialDelaySeconds: 60
    timeoutSeconds: 5
  readinessProbe:
    httpGet:
      path: /ready
      port: 8080
    initialDelaySeconds: 0
    timeoutSeconds: 5

  ## Affinity for Tiller Proxy pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for Tiller Proxy pods assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for Tiller Proxy pods assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: {}

## Chartsvc is used to serve chart metadata over a REST API.
##
chartsvc:
  replicaCount: 2
  ## Bitnami Kubeapps Chartsvc image
  ## ref: https://hub.docker.com/r/bitnami/kubeapps-chartsvc/tags/
  ##
  image:
    registry: {{registry_prefix}}:{{registry_port}}
    repository: {{ kubeapps_chartsvc_image }}
    tag: {{ kubeapps_chartsvc_version }}
  ## Chartsvc service parameters
  ##
  service:
    ## HTTP Port
    ##
    port: 8080
  ## Chartsvc containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    ## Default values set based on usage data from running Kubeapps instances
    ## ref: https://github.com/kubeapps/kubeapps/issues/478#issuecomment-422979262
    ##
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Chartsvc containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ##
  livenessProbe:
    httpGet:
      path: /live
      port: 8080
    initialDelaySeconds: 60
    timeoutSeconds: 5
  readinessProbe:
    httpGet:
      path: /ready
      port: 8080
    initialDelaySeconds: 0
    timeoutSeconds: 5
  ## Affinity for Chartsvc pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for Chartsvc pods assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for Chartsvc pods assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: {}

## Dashboard serves the compiled static React frontend application. This is an
## internal service used by the main frontend reverse-proxy and should not be
## accessed directly.
##
dashboard:
  replicaCount: 2
  ## Bitnami Kubeapps Dashboard image
  ## ref: https://hub.docker.com/r/bitnami/kubeapps-dashboard/tags/
  ##
  image:
    registry: {{registry_prefix}}:{{registry_port}}
    repository: {{ kubeappsplus_dashboard_image }}
    tag: {{ kubeappsplus_dashboard_version }}
  ## Dashboard service parameters
  ##
  service:
    ## HTTP Port
    ##
    port: 8080
  ## Dashboard containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ##
  livenessProbe:
    httpGet:
      path: /
      port: 8080
    initialDelaySeconds: 60
    timeoutSeconds: 5
  readinessProbe:
    httpGet:
      path: /
      port: 8080
    initialDelaySeconds: 0
    timeoutSeconds: 5
  ## Dashboard containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    ## Default values set based on usage data from running Kubeapps instances
    ## ref: https://github.com/kubeapps/kubeapps/issues/478#issuecomment-422979262
    ##
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## Affinity for Dashboard pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ##
  affinity: {}
  ## Node labels for Dashboard pods assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## Tolerations for Dashboard pods assignment. Evaluated as a template.
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: {}

## MongoDB chart configuration
## ref: https://github.com/helm/charts/blob/master/stable/mongodb/values.yaml
##
mongodb:
  image:
    ## Bitnami MongoDB registry
    ##
    registry: {{registry_prefix}}:{{registry_port}}
    ## Bitnami MongoDB image name
    ##
    repository: {{ kubeapps_mongodb_image }}
    ## Bitnami MongoDB image tag
    ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/
    ##
    tag: {{ kubeapps_mongodb_version }}
  ## Init containers parameters:
  ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
  ##
  volumePermissions:
    enabled: true
    image:
      registry: {{registry_prefix}}:{{registry_port}}
      repository: {{ kubeapps_minideb_image }}
      tag: {{ kubeapps_minideb_version }}
      pullPolicy: IfNotPresent
  ## Kubeapps uses MongoDB as a cache and persistence is not required
  ##
  persistence:
    enabled: true
    storageClass: {{ storageClassName }}
    size: 100Gi
  ## MongoDB credentials are handled by kubeapps to facilitate upgrades
  ##
  existingSecret: kubeapps-mongodb
  ## Pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  ##
  securityContext:
    enabled: false
  ## Node selector
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector:
    nodetype: persistent
  ## MongoDB containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    ## Default values set based on usage data from running Kubeapps instances
    ## ref: https://github.com/kubeapps/kubeapps/issues/478#issuecomment-422979262
    ##
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 50m
      memory: 256Mi

## RBAC paramters
##
rbac:
  ## Perform creation of RBAC resources
  ##
  create: true

## Pod Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
  enabled: false
  runAsUser: 1001
  # fsGroup: 1001

## Image used for the tests. The only requirement is to include curl
##
testImage:
  registry: {{registry_prefix}}:{{registry_port}}
  repository: {{ kubeapps_nginx_image }}
  tag: {{ kubeapps_nginx_version }}

# Auth Proxy for OIDC support
# ref: https://github.com/kubeapps/kubeapps/blob/master/docs/user/using-an-OIDC-provider.md
authProxy:
  # Set to true to enable the OIDC proxy
  enabled: false
  ## Bitnami OAuth2 Proxy image
  ## ref: https://hub.docker.com/r/bitnami/oauth2-proxy/tags/
  ##
  image:
    registry: {{registry_prefix}}:{{registry_port}}
    repository: {{ kubeapps_oauth2_proxy_image }}
    tag: {{ kubeapps_oauth2_proxy_version }}
  ## Mandatory parameters
  ##
  provider: ""
  clientID: ""
  clientSecret: ""
  ## cookieSecret is used by oauth2-proxy to encrypt any credentials so that it requires
  ## no storage. Note that it must be a particular number of bytes. Recommend using the
  ## following to generate a cookieSecret as per the oauth2 configuration documentation
  ## at https://pusher.github.io/oauth2_proxy/configuration :
  ## python -c 'import os,base64; print base64.urlsafe_b64encode(os.urandom(16))'
  cookieSecret: ""
  ## Use "example.com" to restrict logins to emails from example.com
  emailDomain: "*"
  ## Additional flags for oauth2-proxy
  ##
  additionalFlags: []
  # - -ssl-insecure-skip-verify
  # - -cookie-secure=false
  # - -scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-platform
  # - -oidc-issuer-url=https://accounts.google.com # Only needed if provider is oidc
  ## OAuth2 Proxy containers' resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  resources:
    ## Default values set based on usage data from running Kubeapps instances
    ## ref: https://github.com/kubeapps/kubeapps/issues/478#issuecomment-422979262
    ##
    limits:
      cpu: 250m
      memory: 128Mi
    requests:
      cpu: 25m
      memory: 32Mi